Liferay using CAS for authentication

留言板

David Jefferson，修改在14 年前。

Liferay using CAS for authentication

New Member 帖子: 22 加入日期: 09-9-6 最近的帖子

I'm running into some curious behavior and hoping someone can provide some insight...

I've setup a development instance of Liferay to authenticate against our CAS server.

When I try to login in to LR I get the CAS login page as expected, I authenticate successfully against CAS, and I'm redirected back to LR. So far so good... but when I get redirected back to LR I end up on the the LR login prompt, where I again have to enter my login credentials. After doing this I end up on my LR homepage as expected.

So... is there a configuration setting that I need to define that tells LR to not use the LR login prompt if I'm authenticating against CAS.

Another thing that I'm seeing is that after logging in again with the LR login prompt my password is getting updated in the database. For dev/testing purposes I'm using unencrypted passwords (passwordEncrypted=0). When I login using CAS, then the LR login page, I can see that my password is getting updated in the DB because after doing the authentication two-step it is getting encrypted and the passwordEncrypted value is now true.

Is there a reason the LR login prompt is updating the password? That seems like very bizarre behavior to me.

I'm using LR community edition 5.2.3.

Lisa Simpson，修改在14 年前。

RE: Liferay using CAS for authentication

Liferay Legend 帖子: 2034 加入日期: 09-3-5 最近的帖子

There is a setting for it in the control panel.

Yes, for security Liferay will encrypt the password and change the setting

Once you configure CAS properly, you won't be using that table any more anyway for passwords